HUS confirms data breach by ex-staff member, hundreds of patients' data compromised | News | Yle Uutiset

HUS confirms data breach by ex-staff member, hundreds of patients' data compromised
An internal investigation by the Helsinki and Uusimaa Hospital District (HUS) into data protection uncovered three instances of data breaches involving patients' information.

Two hospital critical care beds, side by side, surrounded by treatment equipment.

Open image viewer
One of the discovered breaches already occurred in 2021 but was only disclosed to affected patients this summer. Image: Elina Ervasti / Yle
YLE NEWS
23.8 11:24

Share
The Helsinki and Uusimaa Hospital District (HUS) has discovered that a former employee, who served as a practical nurse within the district, breached the privacy of nearly 1,000 patients.

The case was confirmed by HUS Administrative Chief Medical Officer (AVMO) Teppo Heikkilä, who said the nurse gained access to the files through the Apotti patient record system.

"The number of victims is around 900 patients," Heikkilä told Yle, adding that the breach was "indeed unusually extensive."

Heikkilä further noted that the nurse was no longer employed by HUS but did not confirm whether the employment was terminated because of the suspected hacking.

The data breach occurred in 2021, but it was only this summer that the affected patients were notified about the violation of their privacy.

On Tuesday, the Hospital District issued a statement regarding two additional suspected, but smaller, breaches. These incidents involved unauthorised access to the medical records of "several dozens or hundreds" of patients.

"We notify patients as soon as we become aware of these breaches," Heikkilä said, adding that "all instances were discovered through HUS's internal data protection monitoring."

HUS has not yet notified all individuals affected by the other two smaller data breach incidents.

Heikkilä expressed regret over these hacking incidents, stating that security breaches at HUS are rare, averaging "a few cases a year."

"As an organisation, we deeply regret that some of our staff members have misused their privileges in this manner," he said. "We are committed to preventing such occurrences in the future and enhancing our data protection measures to prevent them from happening again."

In late April, the National Bureau of Investigation (NBI) announced an ongoing investigation into unauthorised data breaches in both the population information system and the HUS patient information system, which had come to light earlier.

"Every patient has the right to file a police report to request an investigation," Heikkilä said.

More on the subject: The package contains 1 article